Data security

Question 1

What are the four main threats to data security?

Answer 1

Hardware failure/fault
Software failure
Human error
Deliberate/Malicious damage or access

Question 2

What is data integrity?

Answer 2

The correctness of the data

Question 3

What is data privacy?

Answer 3

not allowing unauthorised people to access the data

Question 4

What is data security?

Answer 4

a term used for methods that try to ensure that integrity and/or privacy of data is maintained

Question 5

Name 3 examples of hardware failure/fault

Answer 5

hard-disk failure, data corruption during data transfer and power failure while saving file

Question 6

Name 2 examples of software failure

Answer 6

programming error which causes program to crash without data being saved, software not installed correctly

Question 7

Name 3 examples of Deliberate/Malicious damage or access

Answer 7

a disgruntled ex-employee deletes important files, a virus infects PC and deletes information (or transmits to an unauthorised person), a hacker guesses a login and password and gains access to information

Question 8

Name 3 ways you can protect data against hardware failure

Answer 8

UPS - uninterruptable power supplies - if power fails work of battery

Secondary backup power supply

Have backups (maybe off-site) of data

Use RAID system - data is written to more than one hard disk

Question 9

Name 2 ways you can protect data against software failure

Answer 9

Difficult/impossible to entirely sop data loss through software failure

Buy tried and tested software that has been used for a while to ensure problems have been ironed out.

Backup/recovery systems.

Question 10

Name 3 ways you can protect data against Human Error

Answer 10

Warnings if data is being deleted

Access rights on files so that only data that user can access can be corrupted

Backups

Question 11

Name 3 ways you can protect data against Malicious Intent

Answer 11

Login/Password/Biometrics

data transmitted across networks should be encrypted

firewalls

Question 12

Why is disaster planning important?

Answer 12

Many organisations rely on computer systems and could not continue/survive if system data lost or failed for anything but a short time (e.g. online retailers)

Question 13

What are the elements of disaster planning?

Answer 13

Regular backups (off-site) is the most important thing

Files archived off-site

Alternative systems

Backup power supplies, etc.

Staff need to be trained in how to recover successfully

Question 14

What is a disaster plan?

Answer 14

A disaster plan is a vital document in any organisation to give guidance as to what the organisation will do in the event of different disasters occurring.

Question 15

What is a contingency plan?

Answer 15

a method of recovery for a risk that has been identified

Question 16

What is accidental damage?

Answer 16

When data is unintentionally amended or deleted;

People likely to cause accidental damage to data by deleting or amending data by accident.

Question 17

What is malicious damage?

Answer 17

When data is intentionally amended or deleted;

Hackers likely to cause malicious damage to data

Disgruntled store employees deleting or amending data on purpose.

Question 18

What is encryption used for?

Answer 18

Used to hide sensitive information from illegitimate recipients by using encryption algorithms and an encryption key to convert plain text to cypher text.

It will be illegible to those without the encryption and decryption key

Question 19

What are the two methods of key encryption?

Answer 19

Symmetric key encryption

Public key (asymmetric) encryption

Question 20

What is encryption?

Answer 20

Encryption is the process of changing data, using an algorithm, into a format that cannot be interpreted before being transmitted over the Internet.

When the encrypted data is received at the correct destination, another algorithm is applied to change it back into its original format.

Question 21

What is plain text?

Answer 21

The term for the unencrypted message or text

Question 22

What is cipher text?

Answer 22

The name given to the encrypted text

Question 23

What is decryption?

Answer 23

The process of converting cipher text back into plain text

Question 24

What is symmetric encryption?

Answer 24

The sender and receiver of a message share a single, common key (private key) that is used to encrypt and decrypt the message.

If the receiving system does not know the private key, then it cannot decrypt the message.

Question 25

What are the risks of symmetric key encryption?

Answer 25

If the private key is sent across a network and is intercepted, a hacker is able to decrypt the data and so is not generally used for this;

If someone does get hold of the private key this can cause a lot of damage because everything that has been encrypted with the key can be read;

Symmetric encryption is very fast (compared to asymmetric encryption);

Question 26

What is a public key?

Answer 26

A code used to encrypt/decrypt data that can be made public and is linked to a corresponding private key.

Question 27

What is a private key?

Answer 27

A code used to encrypt/decrypt data that is linked to a corresponding public key.

Question 28

What are the disadvantages of asymmetric encryption?

Answer 28

more complex to generate

asymmetric encryption/decryption is slower as it takes longer to encrypt and decrypt the messages than symmetric encryption.

Question 29

What are biometrics?

Answer 29

Attempts to confirm the identity of a user by physical characteristics, e.g. fingerprint, face, iris, DNA, hand/palm, scent/odour or behaviour, e.g. typing rhythm or voice etc.

Question 30

What are the three stages of biometric identification?

Answer 30

Stage one – biometric reading is taken and stored in system.

Stage two – when access is required a new scan is taken and compared to those on file.

Stage three – if match is found then entry is permitted.

Question 31

What are the types of malicious software/threats?

Answer 31

Virus
Trojan
Worm
DoS Attacks
Phishing

Question 32

What is a virus?

Answer 32

A small computer program attached to another program or file and usually intended to harm the data on the computer.

If the virus is run it will:

• copy itself onto memory sticks or other computers via a network if possible
• Once enough copies are made it will aim to delete/corrupt files, wipe the hard-drive or display unwanted messages

Question 33

What is a trojan?

Answer 33

Similar to a virus however involves trickery to fool a user into running a program that they think is legitimate;

Malware that is hidden within another file on your computer.

They give a hacker the opportunity to access a computer remotely without the knowledge of the user.

Question 34

What is a worm?

Answer 34

A worm is a sub-class of virus

it uses vulnerabilities or inadequate security in systems to transmit itself across networks to other computers

doesn’t require human interaction to run or spread.

Question 35

What is DoS attack?

Answer 35

Involves bombarding a computer system with data requests so that it becomes overloaded and unable to carry out its normal operations. This usually involves a DDoS attack (where thousands of computers bombard an internet server with millions of packets of data)

Question 36

What is asymmetric key encryption?

Answer 36

Known as public/private key encryption is when both parties have a pair of keys, one private and one public. The Public Key is kept in the open freely usable by anyone as is the encryption algorithm, however the Private Key is kept hidden.

The public key is used to encrypt the data and the private key decrypts it.

A message encrypted with A’s public key can only be decrypted with B’s private key.

Question 37

What is Phishing?

Answer 37

Using fake emails or websites to try and fool a user into entering personal data and/or credit card details. E.g. email pretending to be from users bank.

Question 38

What can protect a computer from malicious software/threats?

Answer 38

Anti-virus: although not fool-proof having up-to-date to anti-virus will stop most threats;

Educate users: Do not open attachments, software or click on web links unless you’re sure it safe.

Firewalls: Running firewall software will stop many threats from gaining access via a network/Internet connection;

Question 39

What is a hacker

Answer 39

A hacker tries to gain access to a computer or network by taking advantage of security weaknesses

They may also take advantage of unpatched (or unknown) software vulnerabilities to gain access.

Question 40

What are the two types of hackers?

Answer 40

• Black-hat hackers

- White-hat hackers

Question 41

What is a black hat hacker?

Answer 41

break into systems for personal gain or malicious reasons;

Question 42

What is a white hat hacker?

Answer 42

break into systems for non-malicious reasons to try to find security weaknesses so they can report problems and help them to be fixed. They may work for the company in question;

Question 43

What is a risk assessment

Answer 43

Identifying different risks in a situation

Question 44

Name examples of what contingency planning anticipates for

Answer 44

Computer room environment (secure computer room with climate control, conditioned and backup power supply, etc.)

Hardware (networks, servers, desktop and laptop computers, wireless devices and peripherals)

Connectivity to a server (fibre, cable, wireless etc.)

Software applications (electronic data interchange, electronic mail, enterprise resource management, office productivity etc.)

Data and restoration